Spam in March 2012: Crusade Against Spammers Yields Results

19 Apr 2012Spam News

In March Kaspersky Lab experts, together with their colleagues from other organizations specializing in IT security, succeeded in closing down the latest version of the notorious Hlux/Kelihos botnet. As a result, the proportion of spam in email traffic dropped by 3.5 percentage points compared to the previous month and averaged 75%. In absolute terms, this translated into a 20% fall in the amount of spam compared to February.

However, the decrease in the amount of unsolicited email did not affect the level of danger inherent in spam: the same proportion of malicious files (2.8%) was found in email traffic as in the previous month. For the third month in a row the US topped the rating of email antivirus detections: the share of Kaspersky Mail Anti-Virus detections increased by 1.7 percentage points in the US compared to February and accounted for 14.7% of the overall total. Australia came an unexpected second with 12.4%, having doubled its result for February (an increase of 6.9 percentage points). As was the case in February, Hong Kong occupied third place.

In order to spread malicious code via email, spammers need to keep inventing newer and more resourceful social engineering scams. A mass mailing detected on 20-23 March offered a prime example of this. The messages in the mailing mimicked a confirmation message from an airline’s online ticket reservation system that referred to a flight scheduled for 20 March. A link in the message led to the installation of a Trojan program that then downloaded the infamous ZeuS/Zbot, a malicious program is designed to steal personal data from users of online payment services.

The most popular themes exploited in spam throughout March were St. Patrick’s Day, Easter and the launch of iPad 3. It should be noted that the topic of holidays was actively exploited for commodity advertising, whereas the new Apple iPad was used as bait. Promising a free iPad or iPhone is an old, well-known trick which is obviously still effective because the fraudsters continue to utilize it to drag users into pyramid schemes or trick them into clicking on phishing or malicious links. A month ago the recipients of these mailings were mainly being offered an iPad 2 or an iPhone 4S – now it is the turn of iPad 3.

“March did not bring significant changes to the top rated sources of spam. The first three places were occupied by India, Indonesia and Brazil,” says Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab. “Although the proportion of spam may have decreased slightly, it is still dangerous and the distributors of unsolicited messages are resorting to increasingly sophisticated scams.”